Fedora Core 6 & mod_ntlm

Joshua Miller joshua at itsecureadmin.com
Sun Jan 28 20:43:52 UTC 2007 

Just one more point of clarification here, when I indicated that the 
browser would present the user's login credentials to the web server, I 
mean that the browser would present the Windows login credentials of the 
current logged in user on that computer.  This is the single sign on 
(SSO) that the OP mentioned.

Thanks,
Josh, RCHE

Joshua Miller wrote:
> Thank you for your response, Lord of Gore.
> 
> While configuring Apache to authenticate against an LDAP data store 
> would be a great thing, the link you provide details how to configure 
> Apache to authenticate using mod_auth_ldap as an authentication 
> mechanism.  The problem with this authentication module is that the user 
> must enter their authentication credentials when they visit the site 
> instead of having their browser present the login credentials and have 
> the Apache server accept those credentials and log them in without user 
> intervention.  The benefit to using mod_ntlm is that the user does not 
> have to enter their login credentials -- similar to the benefit you 
> would get from using IIS.
> 
> LDAP is a great directory store, implemented in Active Directory and 
> other sources but it is not an authentication mechanism.  I believe that 
> this user is already attempting to authentication against an LDAP store, 
> most likely Active Directory.
> 
> Thank you,
> Josh, RHCE
> 
> Lord of Gore wrote:
>> Joshua Miller wrote:
>>> How would LDAP solve this problem?  LDAP is a data store, while 
>>> mod_ntlm is an authentication module...
>>>
>>> Thanks,
>>> Josh, RHCE
>>>
>>> Lord of Gore wrote:
>>>> Stephen Gilbert wrote:
>>>>> I'm trying to replace our company's IIS server with Apache on 
>>>>> Linux.  There
>>>>> is one feature that my users tell me they simply have to have, and 
>>>>> that is
>>>>> single-sign-on authentication of web apps.  I've looked around and 
>>>>> find this
>>>>> is accomplished with Apache using winbind and mod_ntlm.  I've got 
>>>>> winbind
>>>>> working, no problem.  I can authenticate users on my linux box with 
>>>>> our PDC,
>>>>> however I'm having problems getting mod_ntlm to compile. 
>>>> What about trying ldap?
>>>>
>>>
>> By using ladp authentication... :) A quick search on google gave me 
>> this link:
>> http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html#LDAP 
>>
>>
>

More information about the redhat-list mailing list